PIX 501 Config question for Web Server

Hello.. I have a PIX 501 and want to set it up so that http and https traffic goes to my webserver on my network.  I have read a few posts here and am not really sure which direction to go.  Any advice would be greatly appreciated...
Asked by: JBESyst

GuruChiu Commented:
Assuming your PIX 501 is already working (IP addresses, routing, NAT and ACL all set up correctly).

To add a public server which allows http & https:

! x.x.x.x is one of the public IPs that your ISP gave you and you assign this to your web server
! y.y.y.y is the internal IP address of your web server
static (inside,outside) x.x.x.x y.y.y.y
! allow incoming traffic to your web server
! "eq <port>" requires tcp (or udp) as the protocol, not ip
access-list acl-out permit tcp any host x.x.x.x eq 80
access-list acl-out permit tcp any host x.x.x.x eq 443
access-group acl-out in interface outside




JBESyst (Author) Commented:
Yes, the router is up and running, but I probably should have mentioned my outside address is dynamic; it is through the cable company. Will this change the config, or should I put the IP address the router pulled from DHCP in the x.x.x.x spot?

GuruChiu Commented:
In that case, it is unlikely that your ISP gives you more than one IP address. You basically have to share that IP address with everything else. Use this instead:

static (inside,outside) tcp interface 80 1y.y.y.y 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 1y.y.y.y 443 netmask 255.255.255.255
! "eq <port>" requires tcp (or udp) as the protocol, not ip
access-list acl-out permit tcp any any eq 80
access-list acl-out permit tcp any any eq 443
access-group acl-out in interface outside


JBESyst (Author) Commented:
One more silly question. Is the 1 in front of the y.y.y.y something that should be there, like 1192.168.123.3, or is it just the beginning of the address, like 192.168.123.3?

GuruChiu Commented:
Good catch. It is a typo. It should be:

static (inside,outside) tcp interface 80 y.y.y.y 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 y.y.y.y 443 netmask 255.255.255.255

JBESyst (Author) Commented:
thanks for the help mate...
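
As an added example (not part of any post in this thread, and not Cisco tooling), this Python lint checks a PIX port-forwarding config for the stray digit in the inside address, a port match on a non-tcp/udp ACL entry, and forwards and permits that do not pair up. The names `lint`, `SAMPLE` and the finding labels are this example's own, and it parses only the `static ... tcp interface` and `access-list ... eq` forms used above.

```python
import ipaddress

# Constructed sample: the dynamic-IP config with both slips left in, plus one
# made-up extra permit (3389) that has no matching port forward.
SAMPLE = """\
static (inside,outside) tcp interface 80 1192.168.123.3 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.168.123.3 443 netmask 255.255.255.255
access-list acl-out permit ip any any eq 80
access-list acl-out permit tcp any any eq 443
access-list acl-out permit tcp any any eq 3389
access-group acl-out in interface outside
"""

PORT_NAMES = {"www": 80, "https": 443}  # only the port names this example needs


def to_port(tok):
    """Accept a numeric port or one of the names above."""
    return PORT_NAMES.get(tok) or int(tok)


def lint(config):
    """Return (line_no, finding) pairs; line 0 marks a config-wide finding."""
    findings, forwarded, permitted = [], set(), set()
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if len(t) >= 7 and t[0] == "static" and t[2] in ("tcp", "udp"):
            # static (in,out) tcp interface <pub_port> <inside_ip> <inside_port>
            forwarded.add(to_port(t[4]))
            try:
                ipaddress.IPv4Address(t[5])
            except ValueError:  # e.g. an octet above 255 from a stray digit
                findings.append((n, "bad-inside-ip"))
        elif t[:1] == ["access-list"] and "permit" in t and "eq" in t:
            proto = t[t.index("permit") + 1]
            if proto in ("tcp", "udp"):
                permitted.add(to_port(t[t.index("eq") + 1]))
            else:  # "eq <port>" only applies to tcp or udp entries
                findings.append((n, "port-match-on-non-tcp-udp"))
    # A forward with no permit is unreachable from outside; a permit with no
    # forward is an ACL opening with nothing published behind it.
    findings += [(0, f"forward-without-permit:{p}") for p in sorted(forwarded - permitted)]
    findings += [(0, f"permit-without-forward:{p}") for p in sorted(permitted - forwarded)]
    return findings


if __name__ == "__main__":
    for line_no, finding in lint(SAMPLE):
        print(line_no, finding)
```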